I know the theory. I'm also a programmer. I just never bothered to install a root cert before. But I do know how to make them.
I'll dig around in FireFox and see where it is and how its done. As for the bank. We build it and they break it. Not my fault. On Thu, Aug 25, 2011 at 01:51:01PM -0700, Craig White wrote: > the answer lies with the people who wrote the software for the certificate > store since the whole point is trust. > > If users could manipulate the root certificate store, then it would be > impossible to trust anything. > > Generally, you can add certificates by double clicking them and choosing the > correct answer (where to store, how much to trust) > > You can open 'keychain access' on a Macintosh or use Windows MMC to delete > certificates. > > Banks are entirely sensitive to the issue of SSL and Certificates - they have > to be. If your computer doesn't automatically trust your bank's certificates, > then you either need to fix your computer or get a new bank. > > The real answer to your problem is this... If you can't trust the root > certificates that are part of your OS, then copy everything off the hard > drive and re-install a fresh copy of your OS. That is the only way you can > trust that your root certificates do what they are supposed to do. > > Craig > > On Aug 25, 2011, at 1:28 PM, t...@terralogic.net wrote: > > > > > I already know its my certificate store. I only asked how to load in their > > noew root cert > > > > On Thu, Aug 25, 2011 at 01:09:20PM -0700, Craig White wrote: > >> Go to an entirely different computer and try accessing - you will know if > >> it's your computer or their certificates. > >> > >> If it's your computer, it's either your browser or your OS Certificate > >> store (Windows and Macintosh use entirely different methods to accomplish). > >> > >> Firefox uses it's own certificates... if it's Firefox on your computer... > >> uninstall it completely and re-install it. > >> > >> If it's Chrome, Safari or Internet Explorer, it uses the OS certificate > >> store and you will probably need to get the OS to update the Root > >> Certificates. > >> > >> This is all pretty much beyond what a user can manage but some users can > >> manage them, but this is the wrong list... it would be an OS problem. > >> > >> Craig > >> > >> On Aug 25, 2011, at 12:06 PM, t...@terralogic.net wrote: > >> > >>> TDWaterhouse In Canada. I'm in Calgary. THose idjots tell me to reboot > >>> my computer when their Apache servers in TO send me a misconfiguration > >>> message. I told them yesterday we build it and you break it. Something > >>> is desperatly wrong. > >>> > >>> > >>> On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal wrote: > >>>> Firefox has its own certificate store. It doesn't share '/etc/ssl/certs'. > >>>> > >>>> If we had the bank URL, we would be able to better help you to resolve > >>>> this issue. > >>>> > >>>> > >>>> On 08/25/2011 01:45 PM, t...@terralogic.net wrote: > >>>>> I know you are trying to help. But it doesn't help me to defer to a > >>>>> package manager because I'm trying to fix what the last package > >>>>> managers screwed up. > >>>>> > >>>>> On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote: > >>>>>> On Wed August 24 2011, t...@terralogic.net wrote: > >>>>>> Top posting to a hijacked thread is not the way to get > >>>>>> a quick and useful reply. > >>>>>> Next time, start your own. Mailing list threads are cheap. > >>>>>> > >>>>>>> I see my bank has an invalid cert. Likely I have an old cert chain. > >>>>>>> I'm running Debian Linux and firefox. > >>>>>>> > >>>>>> Use anyone of the distribution provided package managers to download > >>>>>> and > >>>>>> install the most recently released package of certificates. > >>>>>> > >>>>>>> Can anyone tell me where to install a valid root cert? Like what > >>>>>>> directory? > >>>>>>> I would think the bank should be able to provide the root of the > >>>>>>> chain. > >>>>>>> I'll need to know SPECICALLY what to ask them for. > >>>>>>> > >>>>>> Asking the operator of the site you wish to authenticate for the > >>>>>> certificate > >>>>>> is similar to asking the Fox to guard your Chicken House. > >>>>>> > >>>>>> Get the root certificate from an "independent", trusted, source. > >>>>>> Using your distribution's package management will take care of that > >>>>>> concern. > >>>>>> > >>>>>>> I've created my own certs of course but just not recently. > >>>>>>> Also I never tried to install the CA cert for firefox. > >>>>>>> > >>>>>> Your distribution's package manager already has that handled. > >>>>>> All you have to do is use it. > >>>>>> > >>>>>> Mike > >>>>>> ______________________________________________________________________ > >>>>>> OpenSSL Project http://www.openssl.org > >>>>>> User Support Mailing List openssl-users@openssl.org > >>>>>> Automated List Manager majord...@openssl.org > >>>>> ______________________________________________________________________ > >>>>> OpenSSL Project http://www.openssl.org > >>>>> User Support Mailing List openssl-users@openssl.org > >>>>> Automated List Manager majord...@openssl.org > >>>>> > >>>> > >>>> ______________________________________________________________________ > >>>> OpenSSL Project http://www.openssl.org > >>>> User Support Mailing List openssl-users@openssl.org > >>>> Automated List Manager majord...@openssl.org > >>> ______________________________________________________________________ > >>> OpenSSL Project http://www.openssl.org > >>> User Support Mailing List openssl-users@openssl.org > >>> Automated List Manager majord...@openssl.org > >> > >> -- > >> Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com > >> 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com > >> > >> Need help communicating between generations at work to achieve your > >> desired success? Let us help! > >> > >> ______________________________________________________________________ > >> OpenSSL Project http://www.openssl.org > >> User Support Mailing List openssl-users@openssl.org > >> Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > -- > Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com > 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com > > Need help communicating between generations at work to achieve your desired > success? Let us help! > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
